IT disaster recovery, cloud computing and information security news

Daisy

DNS redirection security mechanism flawed say researchers

Cloud-based security providers commonly use DNS redirection to protect customers' websites: however, computer scientists from KU Leuven, Belgium, and digital research centre iMinds have found that the protected IP address can be retrieved in more than 70 percent of cases. This means that the DNS redirection security mechanism can easily be bypassed.

Nearly 18,000 websites, protected by five different providers, were subjected to the research team's DNS redirection vulnerability tests. To assist the testing, the researchers built a tool called CLOUDPIERCER, which automatically tries to retrieve a website’s original IP address based on eight different methods.

"Previous studies had already described a number of strategies that can be used to retrieve a website's original IP address. We came up with a number of additional methods. We were also the first to measure and verify the exact impact of these strategies on a larger scale," says Thomas Vissers. "The results were pretty convincing: in more than 70 percent of the cases, CLOUDPIERCER was able to effectively retrieve the website's original IP address, thereby providing the exact info that is needed to launch a successful cyberattack. This clearly shows that the DNS redirection strategy still has some serious shortcomings."

The researchers have already shared their results with the cloud-based security providers who were tested, allowing them to respond properly to the risk that their customers are still running. However, the researchers also want to inform other businesses and website owners about the shortcomings of the popular DNS redirection strategy. To help with this CLOUDPIERCER has been made available free of charge.

"With CLOUDPIERCER, people can test their own website against the eight methods that we have used in our research. CLOUDPIERCER scans the website, and indicates to which IP detection method it is most vulnerable," says Thomas Vissers.

When websites use DNS redirection as a defence mechanism against cyberattacks, two simple measures can be taken to prevent the original IP address from being retrieved. One option is adjusting the website's firewall settings to only allow web traffic from the cloud-based security provider. Alternatively, the IP address of the website can be changed once the contract with the cloud-based security provider is initiated.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.